1. Introduction
1.1 Who we are
- Company: SyncTechno Inc.
- Business address: μμΈμ μμ΄κ΅¬ κ°λ¨λλ‘ 311 904/918νΈ
- Business registration number: 114-87-13580
- Representative: ꡬνν¬ (Hyounhee Koo)
- Domain: https://alerti.synctechno.com
- Contact: alerti@synctechno.com
1.2 What Alerti does
Alerti routes earthquake and tsunami alerts published by official agencies (KMA, JMA, USGS, CWA, PTWC) to users whose coarse location intersects an event's impact radius. It is an information service intended to complement, not replace, official emergency systems.
1.3 Privacy-by-design summary
- We never receive or store your precise GPS coordinates. Your device converts your location into a coarse H3 cell index (~1 km resolution) before sending anything to our servers.
- Alerti 1.0 only updates your location while the app is in the foreground. We do not track your location in the background.
- Users under 14 are not permitted to register.
- We do not sell your personal information to anyone, ever.
2. Information We Collect
2.1 Required information
| Category | Specific items | How collected |
|---|---|---|
| Account | Google account email, Google subject ID, display name, profile photo URL | Automatically from Google OAuth 2.0 at sign-in |
| Device | FCM push token, OS type & version, app version, device locale | Automatically at app install / launch |
| Location | Coarse H3 cell index (~1 km area identifier) | Computed on-device from GPS when location permission is granted; only the H3 index is sent |
| Notification preferences | Minimum magnitude / intensity threshold, category toggles | Set by you in the app |
| Consent records | Records of agreement / withdrawal for each of: Terms of Service, Privacy Policy, Location-Based Services Terms, Push Notifications (operational), Marketing | Recorded when you grant or withdraw consent |
2.2 Optional information
| Item | When collected | Notes |
|---|---|---|
| "I'm Safe" reports | When you tap the safety report button | Stores timestamp, H3 cell, and user identifier |
| Marketing consent | Only with separate, explicit opt-in | Withdrawable at any time |
2.3 Automatically generated information
- IP address (discarded or anonymized immediately after request handling)
- Service usage logs (API call logs, alert delivery records)
- Crash and error diagnostics (stack traces, OS / device model, app version)
2.4 Information we do NOT collect
We do not collect, transmit, or store any of the following:
- Your precise GPS coordinates. Your precise GPS coordinates are NEVER transmitted to or stored on Alerti servers. The app converts your location into a coarse area identifier (H3 cell, approximately 1 km resolution) on-device, and only this coarse identifier is sent.
- Korean resident registration numbers or other restricted government identifiers
- Payment card numbers (the Service is free; no payments occur)
- Call logs, SMS contents, or contact lists
3. How We Use Your Information
We use your information to:
- Create and manage your account, verify you are at least 14 years old, and prevent abuse.
- Route earthquake and tsunami alerts to your device based on your H3 cell location and your minimum intensity threshold.
- Send push notifications via Firebase Cloud Messaging.
- Record and surface your "I'm Safe" reports.
- Maintain a record of your consents to satisfy applicable laws (PIPA, Location Information Act, ICNA).
- Detect, diagnose, and fix crashes and bugs in order to keep the alert pipeline reliable.
- Comply with legal obligations and respond to lawful requests from public authorities.
We use marketing consent (which is given separately from operational consents) only to send announcements of new features, surveys, and promotional information to users who explicitly opt in.
4. Data Sources and Attribution
Alerti aggregates and re-distributes earthquake and tsunami information published by:
- KMA β Korea Meteorological Administration (www.kma.go.kr)
- JMA β Japan Meteorological Agency (www.jma.go.jp)
- USGS β United States Geological Survey (earthquake.usgs.gov)
- CWA β Central Weather Administration, Taiwan (www.cwa.gov.tw)
- PTWC β Pacific Tsunami Warning Center, NOAA (www.tsunami.gov)
5. Sharing with Third Parties
We do not sell your personal information.
We share information with the following service providers ("processors") strictly to operate the Service. Each processor is bound by a written data-processing agreement that limits use of your data to the purposes described below.
| Recipient | Purpose | Data shared | Retention |
|---|---|---|---|
| Google LLC | OAuth 2.0 sign-in, Firebase Cloud Messaging (push), Firebase Analytics | Email, Google subject ID, display name, profile photo URL, FCM token, device info, app analytics events | Until account deletion or termination of agreement |
| Amazon Web Services, Inc. | Cloud infrastructure hosting (servers, database, storage) | All server-side data described in Section 2 | Until account deletion or termination of agreement |
| Functional Software, Inc. d/b/a Sentry | Application error and crash diagnostics | Error stack traces, OS / device model, app version, pseudonymous user identifier | Auto-deleted after 90 days |
We may also disclose information to:
- Law enforcement or regulators if compelled by valid legal process (e.g., a court warrant) or to protect the life or safety of users or the public.
- A successor entity in connection with a merger, acquisition, or asset transfer, subject to equivalent privacy protections.
6. International Data Transfers
The Service operates from servers located primarily in the Republic of Korea (AWS Asia Pacific (Seoul) region, ap-northeast-2). The processors listed in Section 5 may transfer and process your information in the United States and, in limited cases (backup / disaster recovery), in other AWS regions.
| Recipient | Country | Data transferred | Legal basis |
|---|---|---|---|
| Google LLC | United States | Account, device, FCM token, analytics events | Your consent at sign-up; PIPA Art. 28-8(1)(3); standard contractual terms with Google |
| Amazon Web Services, Inc. | Republic of Korea (primary) / United States (backup) | All server-side data | Your consent at sign-up; PIPA Art. 28-8(1)(3); AWS Data Processing Addendum |
| Functional Software, Inc. (Sentry) | United States | Error diagnostics, pseudonymous user identifier | Your consent at sign-up; PIPA Art. 28-8(1)(3); Sentry DPA |
For users in the EU / UK, transfers outside the EEA / UK rely on the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Addendum), supplemented where applicable by additional safeguards as described in Section 11.
You may withdraw consent to international transfers at any time by deleting your account; in that case the Service can no longer be provided to you.
7. Data Retention
| Item | Retention period |
|---|---|
| Account info (email, Google ID, display name, profile photo URL) | Until account deletion |
| FCM push token, device info | Until account deletion or token expiration |
| Coarse location (H3 cell index) | Discarded immediately after alert routing; no per-user location history is stored |
| Location use / disclosure verification records | 6 months (required by Korean Location Information Act Art. 16(2)) |
| Consent records | 5 years after account deletion (dispute and legal-defence purposes) |
| "I'm Safe" reports | 30 days after submission, or until account deletion (whichever is earlier) |
| Abuse / fraud records | 1 year after detection |
| Service logs / access records | 3 months (Korean Communications Privacy Protection Act) |
After the applicable retention period elapses, data is destroyed without delay. Electronic files are erased using cryptographic erasure or low-level format; paper records, if any, are shredded or incinerated.
8. Security
We apply administrative, technical, and physical safeguards proportionate to the sensitivity of the data:
- Internal data-protection plan and annual training for personnel with access to personal data
- Least-privilege access controls and regular review of access rights
- TLS 1.2+ for all client-server traffic; HTTPS enforced
- At-rest encryption for sensitive database columns
- Intrusion detection / prevention, anti-malware, log retention (β₯ 1 year), tamper-evident audit logs
- One-way hashing of authentication secrets; we do not store passwords (Google OAuth only)
No system is perfectly secure. If we become aware of a breach affecting your data we will notify you and the relevant authorities as required by law.
9. Children's Privacy
Alerti is not directed to children under 14. We do not knowingly collect personal information from children under 14. We verify age at sign-up and reject accounts that appear to belong to children under 14.
If we learn that we have collected personal information from a child under 14, we will delete that information promptly. Parents or guardians who believe a child under 14 has registered may contact us at alerti@synctechno.com to request deletion.
For users under the age of 16 in the EU, we rely on parental consent where required by GDPR Art. 8.
10. Your Rights β Korean Users (PIPA)
If you are located in the Republic of Korea, you have the following rights under the Personal Information Protection Act (PIPA):
- Right to be notified about how your personal information is processed
- Right to access your personal information
- Right to request correction of inaccurate information
- Right to request deletion of your personal information
- Right to request suspension of processing
- Right to withdraw consent at any time
How to exercise:
- In-app: Settings > Account (view, edit, delete account)
- Email: alerti@synctechno.com
- Mail: μμΈμ μμ΄κ΅¬ κ°λ¨λλ‘ 311 904/918νΈ, attn. Data Protection Officer
We will respond within 10 days of receiving a verifiable request, as required by PIPA.
If you believe your rights have been violated, you may also lodge a complaint with the Personal Information Protection Commission (www.pipc.go.kr, +82-1833-6972) or the Korea Internet & Security Agency Privacy Center (privacy.kisa.or.kr, 118).
11. Your Rights β EU / UK Users (GDPR / UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:
- Right of access β confirm whether we process your data and obtain a copy
- Right to rectification β correct inaccurate data
- Right to erasure ("right to be forgotten") β request deletion in certain circumstances
- Right to restriction of processing β limit how we use your data
- Right to data portability β receive your data in a machine-readable format and transmit it to another controller
- Right to object β to processing based on legitimate interests, including profiling
- Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
- Right not to be subject to automated decision-making that produces legal or similarly significant effects
Legal bases. We process your personal data on the following bases:
| Activity | Legal basis (GDPR Art. 6) |
|---|---|
| Account creation and alert routing | Consent (Art. 6(1)(a)) and performance of a contract (Art. 6(1)(b)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Service security, fraud prevention, error diagnostics | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Protecting vital interests during a disaster | Vital interests (Art. 6(1)(d)) |
International transfers. Where we transfer your data outside the EEA / UK, we rely on Standard Contractual Clauses (the UK International Data Transfer Addendum where applicable) and additional safeguards as required.
How to exercise: alerti@synctechno.com
Right to lodge a complaint. You have the right to lodge a complaint with your local supervisory authority, including:
- Ireland: Data Protection Commission (www.dataprotection.ie)
- United Kingdom: Information Commissioner's Office (ico.org.uk)
- Other EU member states: edpb.europa.eu/about-edpb/about-edpb/members_en
12. Your Rights β California Users (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know β what personal information we collect, use, share, and the categories of sources and recipients
- Right to delete β your personal information, subject to exceptions
- Right to correct β inaccurate personal information
- Right to opt out of sale or sharing of personal information β WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING, so there is nothing to opt out of, but you may still submit a request as confirmation
- Right to limit use of sensitive personal information β we use sensitive personal information (precise geolocation is not collected; pseudonymous identifiers are used only for the operational purposes described in Section 3)
- Right to non-discrimination β we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights
Categories of personal information collected (per CCPA):
- Identifiers (email, Google subject ID, FCM token, IP address temporarily)
- Internet or other network activity (app usage logs, error diagnostics)
- Geolocation data (coarse, ~1 km H3 cell β not precise)
- Inferences (notification preferences derived from settings)
How to exercise: Email alerti@synctechno.com with the subject line "California Privacy Request". We will verify your identity using your registered email address. You may designate an authorized agent to make a request on your behalf, subject to verification.
We will respond within 45 days, with one 45-day extension if reasonably necessary.
13. Cookies and Tracking
The Alerti mobile app does not use browser cookies. We use:
- Firebase Cloud Messaging push tokens β to deliver alerts. You can disable push notifications in iOS / Android system settings or in app Settings > Notifications. Disabling tokens means you will not receive alerts.
- Firebase Analytics β to measure aggregate usage (e.g., crash-free rate, active users). Subject to consent where required. You can opt out via your device's tracking-control settings (iOS App Tracking Transparency, Android Reset Advertising ID).
- Sentry diagnostics β to capture crash information. No advertising identifiers are used.
If you visit our website (alerti.synctechno.com) we may use a small number of strictly necessary cookies; we will display a cookie banner where required by law.
14. Changes to This Policy
We may update this Policy from time to time. We will post the updated Policy in the app and on our website at least 7 days before it takes effect. If a change materially affects your rights or obligations, we will give at least 30 days' notice and, where required by law, request your renewed consent.
15. Contact
For any privacy question, request, or complaint:
| Role | Contact |
|---|---|
| Data Protection Officer | κΉμ¬ν (Jaehong Kim) |
| alerti@synctechno.com | |
| Phone | 070-5043-9943 |
| μμΈμ μμ΄κ΅¬ κ°λ¨λλ‘ 311 904/918νΈ, attn. Data Protection Officer |
For location-information specific questions, our Location Information Manager is:
| Role | Contact |
|---|---|
| Location Information Manager | ꡬνν¬ (Hyounhee Koo) |
| alerti@synctechno.com |
Change Log
- v1.0 (2026-06-01) β Initial version.